What’s the best way to get buy-in to SOAR from executive leadership?

Deputy CSO in Services (non-Government), 5 years ago

A SOAR-type solution may be table stakes. Not only do we have to look at the board and say, "Hey, look, if we're going to play in a business, we need this," but we also need to come together, industry, and us as professionals, and create some standards around it.

When you buy SOAR, you're going to have to probably buy 2-3x more in professional services just to help integrate with the APIs and everything else you need. If the industry gets together and says in a secure manner, "these are the standards we will use for the APIs, and for communicating out, for ingesting data in, telemetry in and so on from the SIMS or whatever," that would make the table stakes a whole lot easier for the corporations. So, as a professional community or a security community, we could definitely start bringing that together. But the vendors have to come to the table with us.

Deputy CISO, 5 years ago

If I go to the board or a higher-level authority, and I force cooperation from a peer group, that is going to sour that relationship going forward. And it's going to make everything we have to do bad, difficult and hard. And I have to avoid that. That just makes our job miserably tough.

I've been taking a new strategic approach. Everybody likes it when they get something for free, so what I've done is, and I get mixed success, I make deals with the devil. Security compared to other IT groups, our budget gets cut last. Our budget may not be as large as IT operations, but when it comes time to make cuts, we get cut last. So, when I say, "Hey, look, I need to invest in SOAR. It's what I need to do to make my job better. And I need to work with your network to make your job better," I also say I'm going to pay for it. I'm going to foot the bill. I'll let you own it. It's yours, but here are the things I needed to do.

At IPG, security speaks to the board twice a year. Some groups speak to the board only every other year. So we have a voice. My approach is to ask, "What can I do to help you out? To make your problems go away? How can I help with our influence, our ability?" And that gets us some traction. Not the best traction, and then if the board says, "You will cooperate," it kind of gets us there. You gotta walk that line.

no title, 5 years ago

When talking about going to the board, if you are going to the board two times a year, and you've got that voice, I think another excellent opportunity is network teams don't ever have all the budgets they want, and infrastructure teams are always screaming. Who's going to complain about, "Hey, can I help you get a switch or refresh? But here's what I need out of that." So, I think they care and they stick a little bit with that, but I think at least our network team is absolutely thrilled if we want to go help them chase money.

VP, Chief Security & Compliance Officer in Software, 5 years ago

I think that we have to change the paradigm where I don't have to coerce somebody to allow me to have the right to at least a temporary block while the decision-maker gets to the table to see the criticality of a threat. We have to bring that conversation forward.

So, I wonder if it's time for us to start, together as professionals, crafting the argument that we take to the boards, which is: this is a ticket to entry. Look at it from the transference of risk and what's happening across the industries. I don't think supply chain attacks are going to go away. I think we're going to see an increase in these things. I don't think the powers that be and the leaders that are responsible for enterprise risk and the reduction of that risk really understand the compounding issues that are occurring as we continue to adopt more fluid digital capabilities. I think we can actually craft an argument that allows us for the first time to start taking the lead in these defense design and defense conversations.
